Cyber criminals love tax season. It’s that time of the year when personal information such as Social Security numbers, W2s, and other sensitive data come out of the safe confines of the filing cabinet.
Year after year, criminals continue to try and sometimes succeed in their attempts to commit tax return fraud and identity theft. Because people are becoming more aware of many of these schemes, criminals have had to resort to ever-changing strategies.
For example, the IRS recently warned about one of the newer scams, a phishing scam that targets tax accounting firms and tax preparation experts. It is specifically designed to collect sensitive tax information that will allow criminals to prepare and file fraudulent tax returns.
This particular scam is executed in two stages. First, the tax expert gets an email from what looks like a prospective client requesting services. When the tax practitioner responds to the email, the criminal implements the second step, sending a second email which either has a malicious embedded link or a PDF attachment with an embedded link.
When the tax practitioner clicks the link, the fraudsters collect the tax professional’s email account info and passwords (and sometimes other information, too).
Other phishing emails are cleverly disguised to appear to be from a legitimate source (such as someone in the victim’s contact list). The email will be well crafted and very convincing. Sometimes it will appear as though a current client is sending information that has been updated. As a best practice, the IRS advises all tax practitioners that if they receive a suspicious email, it is best not to click on it. It is better to call the client and confirm the information in the email firsthand.
The IRS also encourages tax practitioners to create strict internal policies, and follow cyber security guidelines using best practices developed by security experts.
Riya Kapoor* is a tax specialist at one of America's leading tax preparation and tax services companies. According to Riya, most of her clients are so concerned about getting their taxes done correctly and on time that they don't ask much about how Riya or her company keep their data safe. They may assume that the majority of the responsibility lies with the company to ensure that their clients’ data is well guarded.
Like most tax professionals, Riya is well aware of phishing emails and social engineering scams, and she and her colleagues use computers and laptops fortified with strong antivirus software.
Even with these precautions, Riya still fears the loss of processed data that can happen as a result of malware, ransomware, or other viruses. And although Riya and her company take every precaution to ensure all data is encrypted and goes through their secure server, she knows that one human error is all it takes to put a client’s data at risk.
With so much at stake, you can make sure you are working with a cyber-safe tax preparer by asking the right questions – and getting the right answers – from your tax practitioner. For example:
- What steps do you take to preserve the confidentiality and privacy of taxpayer data?
- How do you protect data, both digital and hard copies?
- Are all of your employees aware of the latest scams?
- Does your company encrypt data?
- How do you dispose of “old” data?
Individuals preparing their own taxes can use these precautions, too.
- Always use a robust security suite like Norton Security in your computer to keep all viruses and malware away.
- Never click on suspicious links in emails, even emails from friends and family.
- Back up all your data in safe external locations like the cloud or a portable device.
- Whenever possible, avoid using public Wi-Fi to file taxes. If public Wi-Fi is your only option, make sure you are encrypting the data and using two-factor authentication. Better yet, use a Wi-Fi privacy product like Norton WiFi Privacy.
Stay aware of the scams that are taking place around you.